The Hacker News — Cyber Security, Hacking, Technology News

Cybercriminals have stolen a massive trove of Norway's healthcare data in a recent data breach, which likely impacts more than half of the nation's population.

An unknown hacker or group of hackers managed to breach the systems of Health South-East Regional Health Authority (RHF) and reportedly stolen personal info and health records of some 2.9 million Norwegians out of the country's total 5.2 million inhabitants.

The healthcare organisation announced the data breach on Monday after it had been alerted by HelseCERT, the Norwegian CERT department for its healthcare sector, about an "abnormal activity" against computer systems in the region.

HelseCERT also said the culprits behind the data breach are "advanced and professional" hackers, although it is still unknown as to whether they were managed to exfiltrate data successfully and if so, how many people may have been impacted.

So far there's also no evidence if the stolen data theft has had any consequences for or effects on patients' safety. However, the healthcare organisation assured that security "measures had been taken to limit the damage caused by the burglary."

"We are in a phase where we try to get an overview. It's far too early to say how big the attack is. We are working to acquire knowledge of all aspects, " NorCERT director Kjetil Nilsen told Norwegian publication VG.

"Everything indicates that it is an advanced player who has the tools and ability to perform such an attack. It can be advanced criminals. There is a wide range of possibilities."

Why Do Hackers Want Your Health Data?

Digital healthcare has been growing to satisfy the demands of connected healthcare technology that provides better treatment and improved patient care.

We know that any organisation with a computer is at risk from cyber-attacks both from criminals wanting to extort money and state-sponsored hackers wanting to cause chaos.

Since the healthcare sector is part of the critical national infrastructure, alongside water, electricity and transport, it becomes an attractive target for hackers.

Believe it or not, your medical records are worth more to hackers than your stolen credit card details on the dark web markets.

Financial data has a finite lifespan, but the information contained in health care records—which includes names, birth dates, policy numbers, diagnosis codes, social security number and billing information—has a much longer shelf life and is rich enough for identity theft.

Fraudsters can use this data to create fake identities to do all illegal kinds of stuff in your name, combine a patient number with a false provider number and file fake claims with insurers, and even file fake tax returns using your stolen addresses, phone numbers and employment history.

How to Protect Yourself After a Data Breach?

If you are a one of those affected by the healthcare breach, you will have to remain vigilant against fraud for the rest of your lives, because the risk of identity theft isn't short term, unlike in case of credit cards fraud.

You may follow the following steps to protect yourself:

1) Monitor Your Accounts: Watch out if someone using your information do not ever try to take over or transfer money out of your existing accounts. Don’t forget that thieves with stolen details on you can get through your security questions, including the last four digits of your social and street address. Also, watch for any unauthorised activity or transfers on your current financial accounts.

2) File Your Taxes Early: With the stolen information in the hands, cyber thieves could hook your tax refund by filing your taxes early and claiming it for themselves. So, to avoid any such problems, file your taxes as early as possible.

3) Stay Vigilant: The foremost thing to protect against any breach is to stay vigilant, as nobody knows when or where your stolen identities will be used. So, affected consumers will simply have to stay mindful forever.

They are not just hacking your email and online banking accounts anymore.

Computer viruses do not distinguish between a personal computer or a hospital machine delivering therapy to patients — and the results could prove deadly.

Cyber attacks on hospitals have emerged as a significant cyber security risk in 2016, which not only threaten highly sensitive information but also potentially harm the very lives of those being protected.

In the latest incident, hundreds of planned operations, outpatient appointments, and diagnostic procedures have been canceled at multiple hospitals in Lincolnshire, England, after a "major" computer virus compromised the National Health Service (NHS) network on Sunday.

In a bright-red alert warning labeled "Major incident" on its website, the Northern Lincolnshire and Goole NHS Foundation Trust (NLAG) said its systems in Scunthorpe and Grimsby were infected with a virus on October 30.

The incident forced the trust to shut down all the major systems within its shared IT network in order to "isolate and destroy" the virus and cancel surgeries.

"We have taken the decision, following expert advice, to shut down the majority of our systems so we can isolate and destroy it," the NHS wrote on its website. "All planned operations, outpatient appointments and diagnostic procedures have been canceled for Wednesday, Nov. 2 with a small number of exceptions."

Some patients, including major trauma patients and high-risk women in labor, were diverted to neighbouring hospitals.

Although the majority of systems are now back and working, the NHS Trust has not provided any specific information about the sort of virus or malware or if it managed to breach any defense.

The incident took place after the U.S. and Canada issued a joint cyber alert, warning hospitals and other organizations against a surge in extortion attacks that infect computers with Ransomware that encrypts data and demand money for it to be unlocked.

Although it is unclear at the moment, the virus could likely be a ransomware that has previously targeted hospitals and healthcare facilities.

Life Threatening Cyber-Attacks

With the rise in Ransomware threat, we have seen an enormous growth in the malware businesses.

The countless transactions of Bitcoins into the dark web have energized the Ransomware authors to distribute and adopt new infection methods for the higher successful rate.

Today, Ransomware have been a soft target for both Corporates as well as Hospitals.

Since earlier this year, over a dozen hospitals have been targeted by ransomware, enforcing them to pay the ransom amount as per the demand by freezing the central medical systems.

Technological advancement in the medical arena has digitalized patients data in the form of Electronic Medical Record (EMR) in order to save them into the hospital's central database.

Since the delay in patients treatment by temporary locking down their details could even result in the patient's death, the attackers seek 100 percent guarantee ransom by infecting hospitals with Ransomware.

Due to this reason, in most of the cases, hospitals generally agrees to pay the ransom amount to the attackers.

Earlier this year, the Los Angeles-based Presbyterian Medical Center paid $17,000 in Bitcoins to cyber crooks in order to restore access to its electronic medical systems, after a ransomware virus hit the hospital.

Also back in April, the MedStar Health chain that runs a number of hospitals in the Baltimore and Washington area, was attacked with Samsam ransomware (or Samas) that encrypted sensitive data at the hospitals.

Followingly, many more hospitals, including Methodist Hospital in Henderson and Kentucky, Desert Valley Hospital in California and Chino Valley Medical Center, have been infected with Ransomware.